In essence, the Enquiry’s proposal is that ISPs ought automatically to block access to ‘adult’ content for all users, unless individual users specifically indicate that they wish to retain access to such content when they sign up for internet access (i.e. users have to ‘opt-out’ of having their content filtered).

Gradual erosion of online privacy?

Unsurprisingly, the proposal has raised privacy and freedom of speech objections from several parties. These arguments have tended to come in two flavours; the first states that an ‘opt-out’ proposal is unduly intrusive and serves only to force individuals to reveal unnecessary personal details about themselves to their ISPs. If there is a filter, it ought not be automatic and should instead be rolled out on an ‘opt-in’ basis, with users only signing up if they feel that they require it.

The second argument is more extreme; stating that the censoring of internet content is something that is best left to individuals to implement on their own terms (i.e. by using a program such as Net Nanny or CYBERsitter). Any kind of ‘opt-in/out’ system forces individuals to register their internet browsing preferences with their ISP, eroding their personal privacy and turning ISPs into unelected internet ‘gatekeepers’.

It’s easy to sympathise with the above arguments. Certainly, from a legal perspective it’s difficult to reconcile comfortably an ‘opt-out’ filter with the European Convention on Human Rights’ Article 10 “Freedom to … receive and impart information and ideas without interference…”. However, it can’t be denied that the idea of giving parents the option of setting a content-filter which lies beyond the interference of (increasingly technologically savvy) minors is an appealing one.

A new problem with an old solution?

Interestingly, several UK mobile telephone networks already apply content filters to their users’ handsets, a fact which has raised very little public outcry. Unlike an On/Off filter applied to a child’s mobile handset, a filter applied to an internet connection that services an entire household (possibly containing several different computers) would be a blunt instrument that lacked the necessary sophistication to make it truly effective.

For example, what good would such a filter be to a parent who wished to safeguard his/her children from accessing the seedy side of the internet, but wished to retain the ability to occasionally access such material him/herself?

Further, it’s only fair to ask how effective a filter of specific websites can be, when young teenagers have already proven themselves startlingly adept at using new technology and (perfectly legitimate) social networks to create and distribute their own distinctly ‘adult’ material in the form of explicit home-videos, ‘sexts’ and ‘slash’ fiction (amateur pornographic literature). While an ISP level filter might well stop one household’s children from accessing pornographic websites, it wouldn’t stop them from looking at exactly the same material downloaded by a friend and then shared via Facebook or Tumblr.

The reality is that while an ISP filtering regime may initially appear attractive (especially when offered as a simple ‘set and forget’ package) it’s far from being a panacea solution to regulating children’s behaviour online. A simplistic Opt-In or Opt-Out regime fails to take account of the complex patterns of household computer use and provides no protection against inappropriate material shared via legitimate social networks.

Late nights for Facebook’s legal team in the wake of Yahoo! filing a suit against the social network claiming that it operates in breach of ten patents held in Yahoo’s portfolio.

Outsiders were quick to note that Yahoo didn’t seem to have a problem with Facebook’s technology until very recently, many going so far as to speculate that Yahoo’s decision to go to court may have less to do with defending intellectual property and more to do with securing a settlement paid in equity before Facebook goes public later this year.

As well as underscoring the importance of patenting innovations at the first possible opportunity, Yahoo’s claim raises interesting questions about whether current software patenting regimes (both in the UK and US) are viable in the longer term.

What exactly does Yahoo have the rights to?

A quick look at the ten patents that underpin Yahoo’s claim indicates that, prima facie, it has the rights to patents which enable Facebook features as diverse as placing targeted adverts on user’s profile pages, ‘liking’ posts/entities, sending instant messages to other users’ message inboxes, and previewing how privacy settings will look to others.

If Yahoo really does have such rights over those intellectual properties, then it may be that it could launch similar proceedings against an innumerable other tech companies; for example, every service with an equivalent of the ‘like’ feature, or that uses targeted adverts. That’s a prospect which is made particularly worrying by virtue of the fact that Yahoo can do so without having to demonstrate that it actually uses the patents it holds (it doesn’t, for example, have to show that it operates its own social networking service which Facebook imitates).

That’s not a position which is unique to Yahoo; companies such as Microsoft and Google also own sizeable portfolios of registered patents which could be used for similar litigation if they wished. The only factors that prevent them from acting in that, what might perhaps be called abusive, fashion are commercial rather than legal; which raises the question of whether it’s realistic to continue to work with such a patent system.

How to debug the patent system?

Given that software patents are, by their very nature, descriptive rather than definitive (unlike, say, pharmaceutical patents for chemical formulas) it’s not unfair to question whether the current system is the best option for policing intellectual property in the area.

Suggestions for reform range from minor tweaks, such as calling for software patents to be more specifically defined, to more drastic measures, such as providing for patents unused by their holders to lapse after short time-spans. More radically, some commentators (such as web entrepreneur and former Yahoo employee Andy Baio) have called for software patents to be scrapped altogether, leaving the market regulated solely by copyright.

Proposals aside, what is clear is that the sheer scale of the Yahoo litigation is likely to attract the attention of legislators on both sides of the Atlantic, especially in the event that it is successful. That means that its outcome is likely to have implications not just for Facebook’s future share price, but also for the intellectual property rights of the software industry as a whole.

Tamiz v Google Inc is the latest in a series of cases in which individuals have sought damages from Google in respect of allegedly defamatory material published about them on its ‘Blogger.com’ platform.

Google’s usual policy for dealing with such complaints is to refuse to take sides, awaiting a court order before taking action. This approach has led to cases such as Tamiz, in which defendants have sued Google directly after it has denied takedown requests.

A safe harbour for providers of data storage…

In Tamiz, Google relied on the protection, or ‘safe harbour,’ contained in s.19 of the Electronic Commerce (EC Directive) Regulations 2002/2013.

S.19 gives providers of ‘storage of information’ (i.e. providers of conduits for information, who are not active publishers) a complete defence against claims for damages and criminal sanctions brought in respect of unlawful activity conducted, or unlawful information contained, on their servers. In order to avail itself of the defence, the storage provider needs to show that it did not have ‘actual knowledge of unlawful activity’ being conducted and was not aware of ‘facts or circumstances’ that should have made it apparent to it that it was.

The legal argument Google successfully relied on in Tamiz is that a mere complaint by an individual about posted content posted is not enough to make a storage provider aware of ‘unlawful activity’. Without taking the complaint at face-value the service provider cannot conclusively decide whether content is or is not defamatory, and therefore cannot have the sufficient awareness of ‘unlawful activity’ that would require it to remove it.

The judgement represents a continuation of the UK Courts’ tendency to protect providers of online platforms for free speech and data transfer from liability for the acts of users. It should provide reassurance to ‘storage providers’ that, so long as they are not actively publishing or promoting the material, they need not fear complaints about user generated content (UGC), nor feel obliged to act as adjudicator where the truthfulness of content is disputed.

…but what about moorings for pirates?

It is difficult to read s.19 without thinking of the ongoing troubles of Kim Dotcom, the now notorious founder of Megaupload.com.

Given that s.19 can be used as a shield against both civil and criminal proceedings in the UK, it is interesting to speculate whether Dotcom would be under house arrest (for online piracy charges brought against him by the US authorities) had he based his operation within the EU and been UK resident.

After all, would he not be entitled to argue that his organisation was unable to determine whether the materials uploaded by users infringed third party copyright or would that be considered too disingenuous?

All investors look for some form of return, understanding the structure of this return depends on the type of investor and the maturity of the venture.

Tony Kypreos, co-founder of Europe’s leading venture accelerator Springboard.com, will present at this session, where he will share his insights and views on the topic.

James Fulforth, a partner in the Corporate & Commercial team at Kingsley Napley, will talk about some of the specific legal issues which may be considered

Partner Simon Halberstam will be chairing the session.

About Tony: A founding investor in Springboard Accelerator, shareholder / board member of Lingospot Inc, ScreenReach Ltd., P2i Labs, Minimonos, PlayMob, Arachnys, apiary.io and Spontly having been active for the last 10 years in investing in and developing growth stage companies. Tony has also been Group Managing Director of Bauer Digital for the €1.4bn M&A of EMAP plc and on operational board of T-Mobile International and Deutsche Telekom’s VC arm, T-Ventures. His earlier venture experience includes being co-founder of mobile entertainment company, Mobilephonia and leading the repositioning and turnaround of digital services agency Bluewave Ltd into an e-learning compliance company, which was sold in 2003.
Tony holds a BSc (Hon) in Physics & Electronic Systems, Brunel University and an MBA from Henley Business School.

EVENT DETAILS

• Date: 29 March 2012
• Times: 8:30am for a 9:00am start until approximately 10:30am (breakfast will be served)
• Venue: Kingsley Napley LLP, Eagle Court, 6-7 St John’s Lane, London, EC1M 4BG
• RSVP: Click here to request your free place. Places are subject to availability.

Please contact us at events@kingsleynapley.co.uk if you have any questions.

At a first glance, such a proclamation sounds ominous for all organisations that collect user data in order to provide targeted marketing services to organisations. However, a quick look at the law behind the headline should provide both established businesses and potential start-up enterprises with cause for relief.

The first thing to take away from the CNIL’s open letter to Google is that, in principle, there is no legal objection to the use of a combined policy for multiple services. Indeed, the CNIL even goes so far as to “welcome Google’s effort to streamline and simplify its privacy policies” across its various platforms.

The CNIL’s problem with Google’s new policy is about the level of transparency that it provides to users. Specifically, it is concerned that “the new privacy policy provides only general information about all the services and types of personal data Google processes”, which as a consequence means that it is “extremely difficult to know exactly which data is combined between which services for which purposes, even for trained privacy professionals”.

What does a data-gatherer need to tell a data-subject?

The real objection then, is not that Google can’t do what it wants to do with user data (collect it and share it across multiple platforms), it’s that it can’t do it without telling its users exactly what data is going to be recorded and to whom the records will be disclosed.

The legal basis for the CNIL’s concerns can be found within Articles 10 and 11 of Directive 95/46/EC; which state that where data is collected from or about ‘data subjects’ those subjects have the right to know the ‘categories of data’ that are being recorded, the ‘purpose of the processing’ of that data, as well as the ‘recipients or categories of recipients’ to whom it will be made available.

While the CNIL has not publicly spelled out the steps that it feels Google needs to take in order to achieve compliance, it’s a fair bet to guess that a satisfactory redress probably involves Google specifically disclosing to users the details of which types of data each of its services collects and then circulates to the others. More crucially, it may even need to explain the purposes for which its separate platforms then use that data.

Ultimately, however, Article 10 and 11 reflect little more than the “informed consent” principle that underpins “data protection/privacy” laws and the protection of individual rights. The CNIL’s objections in this instance simply spell out the fact that the ‘Informed’ part of that principle is just as important as the ‘Consent’.

The Information Commissioner has put in place a one year moratorium on enforcement of the new regulations to allow businesses sufficient time to formulate their plans for compliance. Businesses have been reluctant to implement consent measures on their websites, citing reasons such as the options available being very detrimental to the user experience (e.g. pop-ups) and fears surrounding the paucity of key site analytical data that will be collected should users not consent to the download of cookies.

Clearly mindful of the confusion and apprehension surrounding implementation of the new cookies regulations, the Information Commissioner published updated advice regarding cookie compliance on 13 December 2011. The Commissioner’s additional interpretation of the new regulations is summarised below.

Consent

Consent must involve the end-user knowingly indicating their acceptance, for example by actively clicking an icon or subscribing to a service.

Although the cookies regulations do not use the term “prior”, the Commissioner expects cookies to be set only after consent and full information about the cookies to be downloaded has been given. It is recognised that cookies are often downloaded the moment a user arrives on a site. If possible, web managers should postpone the download of cookies until users have been given sufficient information to make a choice about whether or not they want cookies on their machines. However, if delaying the download of cookies is not possible, then websites should ensure they minimise, as much as possible, the time between the first cookie being downloaded and the point where sufficient information is provided to the user and consent can be given.

Responsibility for compliance

The Commissioner considers that the person or entity setting the cookie is primarily responsible for compliance with the cookies regulations. However, when a third party’s cookies are dropped via a website, the Commissioner takes the stance that both parties are responsible for compliance with the law. In practice, the information requirements and opportunity for a user to give their consent will be provided on the website that the cookies are dropped from. As such, third parties dropping cookies, and the sites they drop cookies from, are encouraged to work together to achieve compliance. Third parties should seek to include contractual obligations upon the websites they drop cookies from in respect of the consent and information requirements in the regulations.

Organisations contemplating avoidance tactics have been considered by the Commissioner also. A website hosted overseas (outside the EU) will still likely have to comply with the cookies regulations if:

• the organisation which owns the website is based in the UK; or
• the website itself is designed for the European market; or
• products and services are provided from the website to customers predominantly based in Europe.

Enforcement

The Commissioner has also revealed the primary enforcement actions available to him for organisations which refuse or fail to comply with the cookies regulations, namely:

• Information notice. A request for specific information from an organisation within a specified time frame.
• Undertaking. An organisation must carry out specific action to improve its level of compliance.
• Enforcement notice. An organisation must carry out specific actions to ensure compliance with the regulations. Failure to comply with this notice may be considered a criminal offence.
• Monetary penalty notice. A fine up to a £500,000 maximum, to be used for only for the most serious breaches.

Enforcement action will be proportionate to the issue that it seeks to address. As such, cookies which do not greatly impinge on a user’s privacy rights (e.g. first party analytical cookies and those used to support the accessibility of sites and services) are likely to register extremely low on the Commissioner’s priority list for enforcement. The Commissioner has gone as far as suggesting that, while not considering them exempt from the regulations, he is unlikely to embark on “any consideration of regulatory action” in respect of the cookies referenced above, so long as organisations have done all they can to provide users with prominent and sufficient information about the purpose of such cookies. On the other hand, organisations dropping cookies which closely relate to user’s personal information should be prioritising implementation of the consent (and information) requirements of the regulations.

Conclusion

The additional guidance from the Commissioner suggests that a common sense attitude will be taken in respect of enforcement of the regulations from May onwards. However, what is stressed throughout the updated guidance is that the new regulations cannot be ignored and organisations should currently be doing all they can to achieve compliance.

eDate Advertising v X

In 1993, X and his brother were sentenced by a German court to life imprisonment for murder. X was released on parole in January 2008.

eDate Advertising (established in Austria) linked from the info news section on its website to a report that named X and stated that he had lodged an appeal against his conviction. In addition to a brief description of the crime, the report also contained a quote from X’s lawyer saying that X intended to prove that several of the principal witnesses for the prosecution had not told the truth at the trial. X requested eDate Advertising to stop reporting on the matter and to refrain from any future publication. eDate Advertising did not reply but removed the disputed information from its website.

Not satisfied with this, X brought an action before the German courts to prevent eDate Advertising from using his full name when reporting about the crime. eDate Advertising argued that the German court had no jurisdiction to make any order restricting publication outside of Germany. Therefore, the court referred the matter to the ECJ to make a ruling on whether it had such jurisdiction.

Martinez v MGN

The French actor Olivier Martinez and his father brought an action before the Paris Regional court that his private life had been interfered with, following a posting on the website ‘www.sundaymirror.co.uk’, entitled ‘Kylie Minogue is back with Olivier Martinez’, with pictures and details of a meeting between Kylie and Olivier.

The action was brought against MGN, the publisher of the Sunday Mirror. MGN raised the objection that the Paris Regional court lacked jurisdiction to make any order restricting publication, as the article was in English and on a UK website. The Parisian court also referred the matter to the ECJ to rule on jurisdiction.

The ECJ found that:

Where there was an alleged infringement of personality rights by way of content placed on an internet website, the claimant could bring an action either 1) before the courts in the country where the publisher is established, or 2) before the courts where the claimant is based, or 3) before the courts of each country where the allegedly infringing content is or has been accessible online.

Conclusion

The ECJ appears to be adopting a wide interpretation in order to protect an individual’s personality rights on the internet, allowing potential claimants several options as to how they want to bring an action against any infringer. Publishers should take a more careful approach to what and how they post information. In light of this clarification, ‘forum shopping’ by claimants may become more prevalent.

Venue: 6-7 St. Johns Lane, London, EC1M 4AJ

Who should attend: the event is particularly relevant to CEOs, CIOs, FDs and COOs, directors, business owners and in-house lawyers at technology companies

Tech entrepreneurs occupy parallel tech universes. In one, huge profitless companies command massive valuations and attract large slugs of capital. In the other, high-energy but low-profile businesses seem confined to run on the daily treadmill without recognition or reward. There must be a bridge between the two!

We are delighted that Ken Olisa, founding head of technology merchant bank Restoration Partners, will join us to share some of his experiences as a 40 year IT veteran. Amongst other roles, Ken is previous Master of the Worshipful Information Technologists’ Company.

Ken will be answering questions such as: which is better – organic growth or acquisitions? debt or equity? home or abroad? Optimism or pessimism?

He will also provide a framework which helps entrepreneurs to make sense of the parallel universe problem and escape from the curse of rational incrementalism.

James Fulforth, a partner in Kingsley Napley’s Corporate and Commercial team, will talk about recent legal developments relevant to tech companies.

Partner Simon Halberstam will be chairing the event.

Click here for further information about the event.

To register for your free place at this seminar,  please email events@kingsleynapley.co.uk with your contact details. Confirmations are subject to availability.

Here are a few of the key benefits to consumers:

1) Hidden charges and costs on the Internet will be eliminated

From now on, consumers must explicitly confirm that they understand that they have to pay a price and will be protected against hidden “cost traps” on the Internet, for example,paying for ‘free’ services, such as recipes.

2) Increased price transparency

Traders have to disclose the total cost of the product or service, as well as any extra fees. Consumers will not have to pay charges or other costs if they were not properly informed before they place an order.  This is an issue that has attracted particular focus in the budget airline market.

3) Banning pre-ticked boxes on websites

Currently, consumers often unwittingly end up with additional services on a default basis having failed to un-tick associated boxes. These pre-ticked boxes will be banned across the EU meaning that positive “buy-in” will be necessary.

4) 14 Days to change your mind on a purchase

Previously, the time period where a consumer could withdraw from a sales contract was 7 calendar days. This has been extended to 14 calendar days. The time period will also start from the moment the consumer receives the goods, as opposed to the old legislation, which was from the conclusion of the contract. In addition:

• Where a seller hasn’t clearly informed the customer about the withdrawal right, the return period will be extended to a year;
• Where a trader calls a consumer beforehand and presses the consumer to agree to a visit (solicited visit), the consumer will also enjoy the right to withdraw;
• Online auctions, such as eBay are also included (though goods bought in auctions can only be returned when bought from a professional seller); and
• The EU has introduced a model withdrawal form which can be used for any contract in the EU, making it more accessible and faster for consumers.

5) Better refund rights

Consumers must now receive their refund within 14 days of the withdrawal. This includes the costs of delivery. Also, if traders want the consumer to bear the cost of returning goods after they change their mind, they have to clearly inform consumers about that beforehand, typically in their terms and conditions, otherwise they have to pay for the return themselves. Traders must also give an estimate of the maximum costs of returning bulky goods before the purchase, so consumers can make an informed choice before deciding from whom to buy.

6) Eliminating surcharges for the use of credit cards and hotlines

Traders will not be able to charge consumers more for paying by credit card (or other means of payment) than what it actually costs the trader. Traders who operate telephone hotlines will also be unable to charge more than the basic telephone rate for the telephone calls.

7) Information on digital products

More detail will be provided, including product compatibility with hardware and software and the application of any technical protection measures, for example limiting the right for the consumers to make copies of the content.

Unified approach for businesses over Europe

The new legislation provides common rules for all businesses to ensure a similar approach in trading. These include:

• A single set of core rules for distance contracts and off-premises contracts in the European Union, creating a level playing field and reducing transaction costs for cross-border traders, especially for sales by internet; and
• Standard forms, for example one to comply with the necessary information requirements on the right of withdrawal.

The full text of the directive will be published in the Official Journal shortly. Member states will have two years from the publication in the Official Journal to implement the Directive into national legislation.

• Could be jointly liable for trade mark infringement through the sale of infringing products by its users;
• Could be liable for infringement through the use of sponsored links on third party search engines and its own site insofar as they led people to postings for infringing products;
• Had a defence under Article 14 of the E-Commerce Directive (2000/31/EC) (Article 14) for liability for information it (as an internet service provider (ISP)) merely “hosts” on behalf of recipients of its service; and/or
• Could, nevertheless, be prevented under Article 11 of the Intellectual Property Rights Enforcement Directive (2004/48/EC) (Article 11) from selling infringing goods on its site, even if there was no infringement by eBay itself.

The ECJ decision, which will go some way to strengthening the position of brand owners , found that eBay can be held to account for infringing activity taking place on its online marketplace, in relation to past, as well as future, infringements under Article 11.

Critically, the ECJ also found that where goods were being sold through eBay by suppliers located outside the EEA, and those goods had not previously been put on the market in the EEA by the trade mark owner, the owner could still enforce its trade mark rights against the seller, as long as the webpage in question was targeted at consumers within the EEA market. This would be a question of fact for national courts to decide, and could take into account the currency of payment, language and even the website address, for example, in L’Oreal v eBay, the address was – www.ebay.co.uk, therefore the ECJ thought this was conclusive that it was aimed for consumers in the UK territory and therefore covered by the national trademarks.

The ECJ then considered whether eBay could rely on the defence in Article 14, and found that eBay could not. The ECJ said that if a diligent economic operator should have been aware of the unlawful activity and did not act in accordance of Article 14(1)(b) and remove the information expeditiously from its site, the defence would not be available. The ECJ further stated that the defence is limited to only the technical and automatic processing of data.

It seems that, following on from the decision of the ECJ:

• The High Court  will be able to place injunctions on intermediaries despite the UK having yet to adopt specific rules to implement Article 11 in full;
• Injunctions against future, as well as past, infringing activity on online marketplaces will now be available for brand owners;
• Online marketplace providers and other ISPs cannot rely on the defence provided by Article 14 if they have played an active role in the promotion or sale of the trade-marked goods, or gained knowledge of facts or circumstances that should have put them on notice that the offers for sale were unlawful, and they failed to act expeditiously.

The net is clearly tightening around portals and peer to peer websites that profit from the interaction of buyers and sellers.  It seems that the number of hiding places for ISPs is also likely to diminish in the near future.